All the latest UK technology news, reviews and analysis


Microsoft to patch Internet Explorer ActiveX Control zero-day vulnerability

12 Nov 2013
Microsoft Internet Explorer

Microsoft has released a fix for an ActiveX Control critical vulnerability in its Internet Explorer (IE) browser that was being targeted by an advanced watering hole attack.

Microsoft Trustworthy Computing (TwC) group manager of response communications Dustin Childs confirmed the fix in a post on the company's Security Response Center blog.

"The security update will be distributed to customers tomorrow [Tuesday 12 November] via Windows Update at approximately 10am PDT [6pm GMT]. Customers who have Automatic Updates enabled will not need to take any action to receive the update," read the post.

The IE vulnerability was discovered by security firm FireEye earlier in November. The vulnerability is known to have been targeted with an advanced watering hole attack. Watering hole attacks are scams that see hackers turn websites commonly visited by their intended victim into malware-distribution tools.

The attack is significant as it was able to put malware directly onto a computer's memory without first writing it to the hard disk. The execution made it more difficult for companies to check whether their systems had been compromised by the malware using traditional techniques.

Childs called for businesses to take temporary protective measures while they wait for the full fix. These include setting the company's internet and local intranet security settings to high, configuring IE to send a prompt before running Active Scripting or disabling Active Scripting completely and deploying Microsoft's Enhanced Mitigation Experience Toolkit (EMET).

The IE vulnerability discovery comes during a reported boom in cyber attacks. Microsoft released a workaround fix for vulnerabilities in Microsoft's Lync, Office and Windows Server earlier in November, and it is now building a full patch.

The severity of the threat posed by hackers has led many companies to call for increased collaboration between security vendors. Symantec pledged to create a centralised information-sharing big data hub to help customers spot targeted attacks in October.

  • Comment  
  • Tweet  
  • Google plus  
  • Facebook  
  • LinkedIn  
  • Stumble Upon  
Alastair Stevenson
About

Alastair has worked as a reporter covering security and mobile issues at V3 since March 2012. Before entering the field of journalism Alastair had worked in numerous industries as both a freelance copy writer and artist.

View Alastair's Google+ profile

More on Security
What do you think?
blog comments powered by Disqus
Poll

Windows 10 poll

What are your first impressions of Windows 10?
12%
6%
10%
3%
19%
3%
47%

Popular Threads

Powered by Disqus
V3 Sungard roundtable event - Cloud computing security reliability and scalability discussion

CIOs debate how to overhaul businesses for the digital era

V3 hosts roundtable with Sungard Availability Services

Updating your subscription status Loading
Newsletters

Get the latest news (daily or weekly) direct to your inbox with V3 newsletters.

newsletter sign-up button
hpv3may

Getting started with virtualisation

Virtualisation can help you reduce costs, improve application availability, and simplify IT
management. However, getting started can be challenging

ibmv3may

Converting big data and analytics insights into results

Successful leaders are infusing analytics throughout their organisations to drive smarter decisions, enable faster actions and optimise outcomes

Junior Software / App Developer - VC Backed Medical Tech Start-Up

Junior Software / App Developer - University Spin Off...

Web Developer - £30k - £37k, Manchester city centre, PHP, MVC, Python

PHP Web Developer - Manchester city centre, £30k - £37k...

IT Systems Administrator - Warrington, £40k - £45k basic, Concept

IT Systems Administrator - Birchwood, Warrington, £40k...
To send to more than one email address, simply separate each address with a comma.